The story about South Africa’s indiscriminate mass surveillance has been gaining an audience and more people are starting to ask questions. Before I return to it, there is another telecommunications company on the continent that is about to possibly experience a severe headache real soon.

Earlier in 2018, Benedict Kabugi, a Safaricom customer, laid charges against Safaricom for leaking his data along with the data of other 11,5 million other customers. Specifically, on 20 May 2019 Kabugi reports that he was approached by someone in possession of a database containing the personal details of 11,5 million Safaricom customers which also contained their sports betting transaction history.

On the same day, Kabugi went to a police station to lay a charge against Safaricom.

Kenya's Safaricom is facing a lawsuit filed by a customer for leaking 11,5 million details of customers. An even bigger headache is that the company is allegedly about to be sued in Europe, based on GDPR laws, for leaking the same data.

Since then, the case and hype around it seemed to have slowed down. However, this week, some information has come to light that, Charles Kimani, an ex-Safaricom employee, has implicated the company by saying that it allegedly sells customers’ data without the customers' knowledge or consent.

Charles Kimani and others were arrested by Kenya's police for being in possession of the database, that case is ongoing separately from the data leak case.

In his handwritten statement to Kenya’s Police (starting from page 18 onwards), Kimani makes some allegations that Safaricom sells customers data to various service providers. This, the selling of Safaricom customer data, especially to betting companies and micro-lenders, has always been a suspicion by many Kenyans.

Many have wondered how it was possible for microlenders and betting companies would not only have their mobile numbers but also their names so they could send them personalized marketing messages.

From page 18 onwards of his statement to Kenya's Police, Charles Kimani (ex-Safaricom employee) alleges that the telecommunications company sells customer data to other service providers.

The invasion of a privacy issue is obvious if these allegations against Safaricom are true. For me though, the bigger question is what else is Safaricom, or other telecommunications companies doing that we are not aware of. I believe this is a valid question considering the amount of data, communications, and transactions that go through telcos every single day.

In light of what we’ve come to learn about South Africa’s bulk interception of communications, it’s also worth asking if telcos are in any way cooperating with states and giving them backdoors into their networks.

On Monday, I asked this and other questions (related to the tapping of undersea cables by South Africa’s State Security Agency) to a pan-African telecommunications company and the answer the gave iAfrikan several days later didn’t leave me with any comfort:

SEACOM cannot comment on the questions you have shared.”
Subcribe to our Daily Brief newsletter
Insights and analysis into how business and technology impact Africa. We promise to leave you smarter and asking the right questions every time after you read it. Sent out every Monday to Friday.

Marketing permission: I give my consent to iAfrikan Media to be in touch with me via e-mail using the information I have provided in this form for the purpose of news, updates, and marketing related to the Daily Brief newsletter.

What to expect: If you wish to withdraw your consent and stop hearing from us, simply click the unsubscribe link at the bottom of every email we send or contact us at [email protected] We value and respect your personal data and privacy. Do read our privacy policy. By submitting this form, you agree that we may process your information in accordance with these terms.

Share this via: